Jarvis | Automated bug hunting tool | Reconnaissance tool

HackPeas Freelancers
7 min read · Jun 14, 2022

Jarvis is a cloud/Docker-based automated bug hunting tool that can run either locally or on a server. It is built on an Ubuntu Docker image, so it is easy to set up.

What can Jarvis do?

  • Lists all subdomains of the given target domain along with their HTTP status codes [ uses Amass, Sublist3r, Subfinder, assetfinder and github-subdomains ]
  • Directory brute force for 403 and 404 responses; 404 results are also checked for subdomain takeover.
  • Builds a table of all alive subdomains with their status code and page title.
  • Collects URLs for all the subdomains from different sources and classifies them by the attack they may be open to, such as XSS, RXSS, SQLi, IDOR, open redirect, RCE, LFI, etc. [ uses Waybackurls, Gau, etc. to find the URLs ]
  • Checks for S3 buckets for each subdomain, and lists all S3 bucket names collected from the JS/HTML files.
  • Lists all subdomains running WordPress, and checks whether XML-RPC (xmlrpc.php) is enabled or not.
  • Notifies you via email about the attack status.
  • You can launch an attack from the web page, or by sending a crafted email to Jarvis's email address.
  • All attack data is stored in an S3 bucket so you can download it whenever you want.
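As an added illustration of the URL classification step above (example code written for this page, not Jarvis's own code): a small classifier that sorts URLs into the categories listed by the names of their query-string parameters. The parameter-name lists are this example's own heuristics, not the ones Jarvis ships with, and the sample URLs are constructed; the real input would be the output of Waybackurls or Gau.

```bash
#!/usr/bin/env bash
# Added example, not part of the Jarvis project: classify URLs by the
# parameter names in their query string (XSS, SQLi, IDOR, redirect, RCE, LFI).
# The parameter lists below are this example's own assumptions.
set -eu

# Parameter-name patterns per category, matched case-insensitively against
# "&name=" in the query string. First matching category wins, so the more
# specific (and higher impact) categories are tested first.
PAT_REDIRECT='(redirect|redirect_url|return|returnurl|return_to|next|url|goto|dest|continue)='
PAT_LFI='(file|path|page|include|template|dir|document|folder|root|filename)='
PAT_RCE='(cmd|exec|command|execute|ping|query|jump|code|run|shell)='
PAT_SQLI='(id|select|report|update|delete|view|where|order|sort|column|pid|uid|cat)='
PAT_IDOR='(user|userid|user_id|account|profile|order_id|invoice|doc|number|account_id)='
PAT_XSS='(q|s|search|keyword|lang|name|comment|msg|message|title|text|callback)='

# query_of URL -> the query string (after '?', before any '#'), or nothing.
query_of() {
    local u="$1"
    u="${u#*\?}"                 # drop scheme, host and path
    if [ "$u" = "$1" ]; then     # no '?' at all
        printf ''
        return 0
    fi
    printf '%s' "${u%%#*}"       # drop a fragment if present
}

# classify_url URL -> one of REDIRECT LFI RCE SQLI IDOR XSS OTHER NONE
classify_url() {
    local q
    q="$(query_of "$1")"
    if [ -z "$q" ]; then
        echo NONE
        return 0
    fi
    # Prefix with '&' so every parameter name is anchored by '&...=' and
    # "user_id=" cannot be mistaken for the SQLi parameter "id=".
    q="&${q}"
    if   printf '%s' "$q" | grep -Eiq "&${PAT_REDIRECT}"; then echo REDIRECT
    elif printf '%s' "$q" | grep -Eiq "&${PAT_LFI}";      then echo LFI
    elif printf '%s' "$q" | grep -Eiq "&${PAT_RCE}";      then echo RCE
    elif printf '%s' "$q" | grep -Eiq "&${PAT_SQLI}";     then echo SQLI
    elif printf '%s' "$q" | grep -Eiq "&${PAT_IDOR}";     then echo IDOR
    elif printf '%s' "$q" | grep -Eiq "&${PAT_XSS}";      then echo XSS
    else echo OTHER
    fi
}

# classify_stream: read URLs on stdin (one per line), print "CATEGORY url".
classify_stream() {
    local u
    while IFS= read -r u; do
        if [ -n "$u" ]; then
            printf '%s %s\n' "$(classify_url "$u")" "$u"
        fi
    done
}

# Constructed sample input (not real recon output) to show the classifier.
SAMPLE_URLS='https://example.com/login?next=https://evil.example
https://example.com/download?file=../../etc/passwd
https://example.com/tools/ping?cmd=whoami
https://example.com/item?id=42
https://example.com/account?user_id=1001
https://example.com/search?q=test
https://example.com/static/app.js'

printf '%s\n' "$SAMPLE_URLS" | classify_stream
```

In a real pipeline you would feed `cat urls.txt | sort -u | classify_stream` and then `grep '^SQLI '` etc. to get per-category lists; the heuristics only flag candidates, each one still needs manual testing.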

Prerequisites

  • At least 2 GB RAM
  • A good internet connection
  • An active AWS account
  • A GitHub account

Setting up Jarvis on AWS EC2 instance

Step 1: getting the required credentials ready =>

i) GitHub tokens =>

While performing subdomain enumeration, S3-bucket enumeration, etc., Jarvis needs at least two GitHub tokens.

To generate the tokens => first sign in to your GitHub account -> open Settings


Scroll down to the bottom, where you can see Developer settings -> click on it -> click on Personal access tokens

Click on Generate new token -> give it a name -> grant read-only scopes (write access is not required) -> set the expiration period. The original post sets it to never expire; from a security standpoint, prefer a finite expiry and rotate the token, because a non-expiring token that leaks from the server stays valid until you notice and revoke it.

Finally, click on Generate token.

Copy the token and save it in a file named TOKENSFILE. Generate at least two tokens and save them in the same file, one per line.

ii) AWS user access key / secret key =>

Sign in to your AWS console -> search for IAM -> open it

In the left panel, click on Users -> then click on Add user ->

Give a user name -> check Programmatic access ->

Create a group -> attach the AdministratorAccess policy to this group -> create the group. Note that Jarvis only needs to read and write the S3 bucket you create in step 2, and these keys will sit in plaintext on the instance (and, later, inside the committed Docker image). A policy scoped to that one bucket is the least-privilege choice; an administrator key that leaks from the server compromises the whole AWS account.

Tick the group you have created -> Next

Add any tags you want -> Next -> Create user

Now copy the access key ID and secret access key for the user.

Done!
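Two checks a practitioner would want before moving on, as an added example written for this page (not Jarvis's own code): a sanity check of the TOKENSFILE from step i), and a least-privilege IAM policy for the user from step ii) that replaces the AdministratorAccess group. The token-format rule assumes classic personal access tokens (prefix ghp_) or fine-grained ones (prefix github_pat_); the bucket name jarvis-recon-data is a placeholder for whatever you create in step 2.

```bash
#!/usr/bin/env bash
# Added example, not part of Jarvis: validate TOKENSFILE and emit a scoped IAM
# policy for the Jarvis user. Token prefixes and the bucket name are assumptions.
set -eu

# check_tokensfile FILE -> prints "ok: N tokens" or a reason and returns 1.
check_tokensfile() {
    local f="$1" n
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Strip CRLF (a file edited on Windows would otherwise break every token)
    # and count non-empty lines: Jarvis wants one token per line, at least two.
    n=$(tr -d '\r' < "$f" | grep -c .) || true
    [ "$n" -ge 2 ] || { echo "need at least 2 tokens, found $n"; return 1; }
    # Every non-empty line must look like a GitHub token (assumed formats).
    if tr -d '\r' < "$f" | grep -v '^$' \
         | grep -Evq '^(ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})$'; then
        echo "a line is not a GitHub personal access token"; return 1
    fi
    # Two copies of the same token do not buy a second rate-limit budget.
    if tr -d '\r' < "$f" | grep -v '^$' | sort | uniq -d | grep -q .; then
        echo "duplicate tokens in $f"; return 1
    fi
    echo "ok: $n tokens"
}

# scoped_policy BUCKET -> IAM policy JSON limited to that one bucket, in place
# of AdministratorAccess. Rejects names outside the S3 bucket-name charset.
scoped_policy() {
    local b="$1"
    case "$b" in
        ''|*[!a-z0-9.-]*) echo "invalid bucket name: $b" >&2; return 1 ;;
    esac
    if [ "${#b}" -lt 3 ] || [ "${#b}" -gt 63 ]; then
        echo "bucket name must be 3-63 characters" >&2; return 1
    fi
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListJarvisBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::${b}"
    },
    {
      "Sid": "ReadWriteJarvisObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${b}/*"
    }
  ]
}
EOF
}

# Demo on a constructed TOKENSFILE (the tokens are fake, 36 repeated letters).
demo() {
    local tmp
    tmp=$(mktemp)
    printf 'ghp_%s\nghp_%s\n' \
        "$(printf 'a%.0s' $(seq 1 36))" "$(printf 'b%.0s' $(seq 1 36))" > "$tmp"
    chmod 600 "$tmp"            # the file holds secrets: owner-only access
    check_tokensfile "$tmp"
    scoped_policy jarvis-recon-data
    rm -f "$tmp"
}

demo
```

Attach the emitted JSON as an inline policy on the Jarvis user instead of the AdministratorAccess group. If Jarvis's S3-bucket checks turn out to use these same keys to probe third-party buckets, you would additionally need a read-only s3:ListBucket statement on arn:aws:s3:::*, which is still far less than administrator rights.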

Step 2: making resources ready =>

i) Creating an S3 bucket, for storing Jarvis's data and the recon data of the target => In the AWS console, search for S3 and open it

Create bucket ->

Give a name -> and block all public access, to keep the bucket secure

Create bucket -> done!

ii) Launching an EC2 instance =>

To run Jarvis you need an EC2 instance; the recommended configuration is (note that a t2.micro has 1 GiB of RAM, below the 2 GB listed under prerequisites, so pick a t2.small or larger if Jarvis runs out of memory)

  • t2.micro
  • 30 GB SSD
  • Ubuntu 20.04 AMI

Open the AWS console -> search for EC2 -> open the page

Click on Launch instance ->

Give a name -> select the Ubuntu image ->

Click on Create new key pair: this is used for SSH login to the instance ->

Give a name for the key -> select RSA -> select .pem -> create the key -> download and save it

Select Create security group -> allow SSH -> allow HTTP -> allow HTTPS. The console's default source for these rules is 0.0.0.0/0 (anywhere); set the source of the SSH rule, and ideally of the HTTP rule that will serve the Jarvis admin panel, to your own IP address so they are not reachable from the whole internet ->

Give 30 GB storage -> launch instance

Once the instance has launched successfully, click on View instances to check its status ->

Jarvis Installation

1) Connect to the EC2 instance you have created using the SSH key -> select the instance -> click on Connect

2) Now open a terminal in the folder where you have stored the key -> restrict the key's permissions so SSH accepts it ->

$ chmod 400 "key_name.pem"

Then connect to the server with the example command shown in the Connect pop-up ->

$ ssh -i "jarvis.pem" ubuntu@ec2-52-66-206-62.ap-south-1.compute.amazonaws.com

Run sudo su to become root.

3) Now install git ->

$ apt-get update && apt-get install -y git

With Ubuntu 20.04 it comes pre-installed.

Clone the Jarvis repo -> https://github.com/veer1024/Jarvis.git

$ git clone https://github.com/veer1024/Jarvis.git

Now cd into the Jarvis directory and run the setup.sh file

$ cd Jarvis

$ bash setup.sh

Jarvis is now installed, and we need to configure it ->

Run this command in the terminal. It starts the Jarvis container and publishes its web UI on port 80 of the instance. The UI is plain HTTP, so the AWS keys and GitHub tokens you enter in the admin tab cross the network unencrypted: restrict port 80 to your own IP in the security group, or reach the UI through an SSH tunnel instead of exposing it ->

$ docker run -it -p 80:80 hackpeas/jarvis-the-hunter:1.0

Inside the container's shell:

# sudo su

root@docker_id# cd Jarvis

root@docker_id# bash start.sh

Now go to your AWS console -> EC2 management -> for the Jarvis server -> copy the public IPv4 DNS name

and open it in a browser ->

Click on the Admin tab -> you need to enter the AWS user credentials and the bucket name here ->

Click on Save credentials -> cross-verify that the credentials are saved properly by checking the /etc/creds.config file inside the container (cat /etc/creds.config)

Now go to the Admin tab again -> click on Choose file in the GitHub token upload section ->

Choose the file TOKENSFILE (containing one GitHub token per line) -> upload the token file -> check for the "file upload successful" message ->

Cross-verify by checking the content of /etc/creds/TOKENSFILE

Now go back to the Jarvis docker terminal and type exit twice (once to leave the root shell, once to leave the container) to return to the EC2 Ubuntu terminal. Leaving the container stops it, so list all containers including stopped ones:

$ docker ps --all

Now commit the changes you made to your Jarvis image (replace CONTAINER_ID with the ID of the container you just exited) ->

$ docker commit CONTAINER_ID hackpeas/jarvis-the-hunter:1.0

The changes are now stored; you can cross-verify by starting a container from the image again and checking /etc/creds.config and /etc/creds/TOKENSFILE. Be aware that docker commit writes the AWS keys and GitHub tokens into an image layer: never push this image to a registry, and treat the image as being as sensitive as the keys themselves.

INSTALLATION && CONFIGURATION done successfully!
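The docker run command in the configuration step publishes the admin panel on every interface of the instance. As an added example for this page (not Jarvis's own code), the launcher below keeps the post's interactive flow but binds the panel to the instance's loopback address and reaches it through an SSH port-forward, so the AWS keys and GitHub tokens typed into the admin tab never leave the SSH session in clear text. The image name and tag are the ones from the post; that the UI listens on port 80 inside the container is assumed from the original -p 80:80 mapping. By default the script only prints the commands; set JARVIS_APPLY=1 on the instance to run the container.

```bash
#!/usr/bin/env bash
# Added example, not part of Jarvis: run the container with its web UI bound to
# loopback and expose it to your workstation over an SSH tunnel instead of
# port 80 on the public interface. Image/tag from the post; container port 80
# is assumed. Dry-run unless JARVIS_APPLY=1.
set -eu

IMAGE="${JARVIS_IMAGE:-hackpeas/jarvis-the-hunter:1.0}"
NAME="${JARVIS_NAME:-jarvis}"
LOCAL_PORT="${JARVIS_LOCAL_PORT:-8080}"   # port on your workstation

# The command from the post: -p 80:80 listens on 0.0.0.0, so anyone the
# security group lets reach port 80 can reach the admin tab.
weak_run_cmd() {
    printf 'docker run -it -p 80:80 %s\n' "$IMAGE"
}

# Hardened variant: bind only to 127.0.0.1 on the instance and name the
# container so the later docker commit can refer to it without docker ps.
hardened_run_cmd() {
    printf 'docker run -it --name %s -p 127.0.0.1:80:80 %s\n' "$NAME" "$IMAGE"
}

# After configuring via the UI and exiting, the same commit step as the post,
# by container name (the committed image still contains the credentials).
commit_cmd() {
    printf 'docker commit %s %s\n' "$NAME" "$IMAGE"
}

# tunnel_cmd KEY HOST -> the ssh command to type on your workstation. It
# forwards LOCAL_PORT to the container's port 80 via the instance loopback.
tunnel_cmd() {
    printf 'ssh -i %s -N -L %s:127.0.0.1:80 ubuntu@%s\n' "$1" "$LOCAL_PORT" "$2"
}

# is_world_exposed CMD -> 0 if a "-p" publish spec in CMD has no host address
# (docker then binds 0.0.0.0), 1 if it is bound to loopback or absent.
is_world_exposed() {
    case "$1" in
        *" -p 127.0.0.1:"*|*" -p localhost:"*) return 1 ;;
        *" -p "*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "${JARVIS_APPLY:-0}" = "1" ]; then
    # Then, inside the container, run the post's steps: cd Jarvis; bash start.sh
    docker run -it --name "$NAME" -p 127.0.0.1:80:80 "$IMAGE"
else
    echo "Original (listens on all interfaces):"; weak_run_cmd
    echo "Hardened (loopback only):";             hardened_run_cmd
    echo "Commit after configuring:";             commit_cmd
    echo "On your workstation:";                  tunnel_cmd jarvis.pem "<ec2-public-dns>"
    echo "Then browse to http://127.0.0.1:${LOCAL_PORT}/admin"
fi
```

With the panel bound to loopback, the HTTP rule in the security group is no longer needed for configuration and can be removed; only SSH from your own IP has to stay open. The /admin path is a guess at where the Admin tab lives; follow whatever link the UI shows once the tunnel is up.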

Check https://github.com/veer1024/Jarvis -> for the user help guide -> how to use Jarvis

If you like the tool, give it a star on GitHub and clap on this post.

For more DevOps, CTF and bug bounty write-ups, or content related to ethical hacking and Android penetration testing, follow me on:

Youtube: https://www.youtube.com/channel/UC17W_Ircv7EmIIdbJeOQ_BQ
Instagram: https://www.instagram.com/hackpeas/
Linkedin: https://www.linkedin.com/in/viraj-vaishnav-19b0a61aa/
Twitter: https://twitter.com/VirajVaishnav16

Thank You..
